AWS plugin MFA for source profiles #9408

Closed
robvadai opened this issue Oct 31, 2020 · 8 comments · Fixed by #9411

@robvadai
Contributor

Originator: #9394

Hi @maksyms ,

it works fine when I use a role but it doesn't prompt for MFA for the source profile anymore.

I added mfa_serial to my source profile.

So this source profile has mfa_serial but not role_arn and source_profile obviously.

I fixed it but the code has some duplications, need to tidy it up: https://github.com/ohmyzsh/ohmyzsh/compare/master...robvadai:bugfix/aws-mfa-with-source?expand=1

@maksyms
Contributor

maksyms commented Oct 31, 2020

@robvadai Could you please share your anonymised .aws/config and .aws/credentials? I want to understand your setup please.

@robvadai
Contributor Author

~/.aws/credentials

[myprofile]
aws_access_key_id = ...
aws_secret_access_key = ...

~/.aws/config

[profile myprofile]
mfa_serial = arn:aws:iam::11111111111111:mfa/myuser
region = eu-west-1
output = json

[profile other_profile]
role_arn = arn:aws:iam::9999999999:role/user-myuser
mfa_serial = arn:aws:iam::11111111111111:mfa/myuser
source_profile = myprofile
region = eu-west-1
output = json

So my issue was when I wanted to authenticate with MFA for myprofile

@maksyms
Contributor

maksyms commented Oct 31, 2020

Ok, so you want MFA to happen when you change to both myprofile and other_profile, not only other_profile, right? If so - yes, I can see why it might not work, fair point.

@robvadai
Contributor Author

Yep exactly, for one company this is the set up. The other company merely uses the source profile to allow other roles' access.

@maksyms
Contributor

maksyms commented Oct 31, 2020

@robvadai understood. I've only come across "the other company" setups, hence "one company" use case wasn't catered for. I'll check your suggestions later, thanks again! 👍

@maksyms
Contributor

maksyms commented Oct 31, 2020

@robvadai I've added this feature to the plugin. I have a suspicion it will also affect #9409 .

Could you please test before I go ahead with a pull request?

The updated version of the plugin is here:

https://github.com/maksyms/oh-my-zsh/blob/mfa_for_source_profile/plugins/aws/aws.plugin.zsh

@robvadai
Contributor Author

robvadai commented Nov 2, 2020

MFA for 'source profile' works; what still doesn't work is here: #9409 (comment)

@robvadai
Contributor Author

robvadai commented Nov 4, 2020

The problem described in this issue is solved with your changes, shall we merge it to move on?

mcornella pushed a commit that referenced this issue Nov 4, 2020
Previously, the plugin only supported MFA for profiles that had a role to assume, specified in role_arn. Now, the plugin supports MFA for profiles without a role to assume.

Closes #9408

* refactor(aws plugin): remove dependency on jq

Previously, acp command relied on jq. Now that dependency has been removed, as well as some linter suggestions implemented.
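
The case split this issue turns on, as an added example that is not the plugin's code: a profile with `role_arn` needs `sts assume-role` (with the MFA serial when one is set), while a profile with only `mfa_serial` needs `sts get-session-token`. The function names, the `nomfa` profile and the `<TOTP>` placeholder are assumptions made for the illustration; nothing here calls AWS.

```shell
# Constructed sample, trimmed from the anonymised ~/.aws/config posted in the thread.
sample_config() {
cat <<'EOF'
[profile myprofile]
mfa_serial = arn:aws:iam::11111111111111:mfa/myuser

[profile other_profile]
role_arn = arn:aws:iam::9999999999:role/user-myuser
mfa_serial = arn:aws:iam::11111111111111:mfa/myuser
source_profile = myprofile

[profile nomfa]
region = eu-west-1
EOF
}

# profile_get FILE PROFILE KEY: print the value of KEY inside [profile PROFILE].
# Hypothetical helper; only handles "[profile name]" headers, not "[default]".
profile_get() {
  awk -v want="[profile $2]" -v key="$3" '
    /^\[/ { in_sec = ($0 == want); next }
    in_sec && index($0, "=") {
      k = substr($0, 1, index($0, "=") - 1); v = substr($0, index($0, "=") + 1)
      gsub(/[ \t]/, "", k); gsub(/^[ \t]+|[ \t]+$/, "", v)
      if (k == key) { print v; exit }
    }' "$1"
}

# mfa_plan FILE PROFILE: print the STS call a switch to PROFILE requires.
mfa_plan() {
  mfa=$(profile_get "$1" "$2" mfa_serial)
  role=$(profile_get "$1" "$2" role_arn)
  src=$(profile_get "$1" "$2" source_profile)
  if [ -n "$role" ]; then
    # Role profile: long-term keys come from source_profile, MFA rides on assume-role.
    printf 'aws sts assume-role --profile %s --role-arn %s --role-session-name %s' "${src:-$2}" "$role" "$2"
    if [ -n "$mfa" ]; then printf ' --serial-number %s --token-code <TOTP>' "$mfa"; fi
    printf '\n'
  elif [ -n "$mfa" ]; then
    # Source profile with MFA but no role: the case reported in this issue.
    printf 'aws sts get-session-token --profile %s --serial-number %s --token-code <TOTP>\n' "$2" "$mfa"
  else
    printf 'static\n'
  fi
}

# Demo on the constructed sample.
cfg=$(mktemp); sample_config > "$cfg"
for p in myprofile other_profile nomfa; do mfa_plan "$cfg" "$p"; done; rm -f "$cfg"
```

A profile that falls through to `static` is using long-term access keys with no second factor, which makes this a quick way to audit a config file for profiles that skip MFA.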